Enable TLS v1.1 and TLS v1.2 support for EWS
In Kofax Import Connector, for EWS to send TLS v1.1 and TLS v1.2 confirming requests and messages to the Microsoft Exchange server, modify/add specific registry keys for both the client (Message Connector) and Exchange Server.
Install the required .NET Framework 3.5.1 updates to enable TLS v1.1 and TLS v1.2. Use the appropriate links from the following table to upgrade .NET Framework for the applicable Operating System in use.
Operating System (Server/Client) | Web link |
---|---|
Windows Server 2012 | 3154519 |
Windows 8.1 and Windows Server 2012 R2 | 3154520 |
Windows 10, version 1511 | 3156421 |
To enable TLS, do the following for:
Enable TLS v1.1 and TLS v1.2 for Message Connector
To enable TLS v1.1 on a computer where Message Connector is installed, add or modify the following registry sub keys.
Operating System type | Registry path | Sub key | Type | Description |
---|---|---|---|---|
64-bit | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727 | SystemDefaultTlsVersions | dword | Set this sub key value to 1 |
64-bit | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727 | SystemDefaultTlsVersions | dword | Set this sub key value to 1 |
32-bit | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727 | SystemDefaultTlsVersions | dword | Set this sub key value to 1 |
32-bit/64-bit | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.1\Client | DisabledByDefault | dword | Set this sub key value to 0. |
32-bit/64-bit | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.1\Client | Enabled | dword | Set this sub key value to 1. |
To enable TLS v1.2 on a computer where Message Connector is installed, add or modify the following registry sub keys.
Operating System type | Registry path | Sub key | Type | Description |
---|---|---|---|---|
64-bit | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727 | SystemDefaultTlsVersions | dword | Set this sub key value to 1 |
64-bit | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727 | SystemDefaultTlsVersions | dword | Set this sub key value to 1 |
32-bit | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727 | SystemDefaultTlsVersions | dword | Set this sub key value to 1 |
32-bit/64-bit | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.2\Client | DisabledByDefault | dword | Set this sub key value to 0. |
32-bit/64-bit | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.2\Client | Enabled | dword | Set this sub key value to 1. |
Enable TLS v1.1 and TLS v1.2 for Exchange Server
To enable TLS v1.1 on a computer where Microsoft Exchange Server is running, add or modify the following registry sub keys.
Operating System type | Registry path | Sub key | Type | Description |
---|---|---|---|---|
32-bit/64-bit | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.1\Client | DisabledByDefault | dword | Set this sub key value to 0. |
32-bit/64-bit | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.1\Client | Enabled | dword | Set this sub key value to 1. |
32-bit/64-bit | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.1\Server | DisabledByDefault | dword | Set this sub key value to 0. |
32-bit/64-bit | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.1\Server | Enabled | dword | Set this sub key value to 1. |
To enable TLS v1.2 on a computer where Microsoft Exchange Server is running, add or modify the following registry sub keys.
Operating System type | Registry path | Sub key | Type | Description |
---|---|---|---|---|
32-bit/64-bit | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.2\Client | DisabledByDefault | dword | Set this sub key value to 0. |
32-bit/64-bit | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.2\Client | Enabled | dword | Set this sub key value to 1. |
32-bit/64-bit | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.2\Server | DisabledByDefault | dword | Set this sub key value to 0. |
32-bit/64-bit | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.2\Server | Enabled | dword | Set this sub key value to 1. |
- Enable both server and client (Message Connector) sub keys at Exchange Server and then restart the computer.
-
To support this feature on Exchange Server 2013, install all the latest updates available for Exchange Server 2013. Additionally, for Exchange Server 2013, install the CU16 update. We also recommend installing the latest updates for all exchange servers.